<?php
session_start();//必须在任何HTML输出之前开启会话
$username = trim($_POST['username']); //通过全局数组$_POST读取前端表单name为username的表单值
$usernameReg = "/^[a-zA-Z0-9]{3,10}$/";
if(!preg_match($usernameReg,$username)){
    echo "<script>alert('用户名只能是大小写字母、数字，长度为3-10！');history.back();</script>";
    exit;
}
$pw = trim($_POST['pw']);
$pwReg = "/^[A-Za-z0-9_\-*]{6,10}$/";
if(!preg_match($pwReg,$pw)){
    echo "<script>alert('密码只能是大小写字母、数字、_、-、*，长度为6-10！');history.back();</script>";
    exit;
}
$pw = md5($pw);
include 'conn.php';
$sql = "select * from userinfo where username = '$username' and pw = '$pw'";
$result = mysqli_query($conn,$sql); //返回的内容是一个结果集（记录集）
if(mysqli_num_rows($result)){
    echo "<script>alert('登录成功！');location.href='index.php';</script>";
    //$_SESSION['isLogged'] = 1;
    $_SESSION['loggedUsername'] = $username;
}
else{
    echo "<script>alert('用户名或密码错误！');history.back();</script>";
    //unset($_SESSION['isLogged']);
    session_destroy();
}